

CyCognito Report Exposes Rising Software Supply Chain Threats
Thursday, September 26, 2024

Findings reveal escalating risks in the software supply chain, highlighting vulnerabilities in web servers, cryptographic protocols, and web interfaces that handle PII

PALO ALTO, Calif., Sept. 18, 2024 /PRNewswire/ -- CyCognito today announced the release of its second annual "State of External Exposure Management 2024," providing critical insights into the threats targeting external assets and the software supply chain.

Gartner reports that 60 percent of organizations work with over 1,000 third parties, many of which supply misconfigured or vulnerable hardware and software, putting customers at risk. High-profile vulnerabilities like MOVEit Transfer, Apache Log4J, and Polyfill underscore these risks--a concern further emphasized by CyCognito's report revealing that many vulnerabilities increasingly stem from third-party software.

To create this report, CyCognito's research team aggregated and analyzed over 39 million anonymized and normalized data points from its global customer base of small, medium, and large Fortune 500 companies. Key findings:

    --  Web Servers Dominate Severe Issues: Web server environments, including
        platforms like Apache, NGINX, Microsoft IIS, and Google Web Server, were
        the host of one in three (34%) of all severe issues across surveyed
        assets. They accounted for more severe issues than 54 other environments
        combined (out of 60 total environments surveyed).
    --  Impact of TLS and HTTPS Protocol Vulnerabilities: 15% of all severe
        issues on the attack surface affect platforms using TLS or HTTPS
        protocols. TLS issues are significant for all network-delivered data,
        but web apps especially so; web apps lacking encryption are currently
        ranked #2 of the OWASP Top 10.
    --  Insufficient WAF Protection for PII-Handling Web Interfaces: Only half
        of surveyed web interfaces that handle personally identifiable
        information (PII) were protected by a WAF.
    --  Web Interfaces Lacking HTTPS and WAF Leave PII Exposed: Despite HTTPS
        celebrating its 30th birthday this year, almost one in three (31%) of
        surveyed web interfaces failed to implement it. More than 60% of these
        interfaces that expose PII also lack a WAF.

To download the full report, please visit this link.

About CyCognito

CyCognito is an exposure management platform that reduces risk by discovering, testing and prioritizing security issues. The platform scans billions of websites, cloud applications and APIs and uses advanced AI to identify the most critical risks and guide remediation. Emerging companies, government agencies and Fortune 500 organizations rely on CyCognito to secure and protect from growing threats. For more information, visit https://www.cycognito.com/

View original content: https://www.prnewswire.com/news-releases/cycognito-report-exposes-rising-software-supply-chain-threats-302251803.html

SOURCE CyCognito


